# General role settings.
# Quoted so the release tag always loads as a string; an unquoted two-part
# value such as 1.10 would be read as the float 1.1.
nebula_version: "1.8.0"
nebula_network_name: "My Nebula Mesh Network"
# Prefix length of the mesh network.
# NOTE(review): presumably combined with the lighthouse internal address to
# form the overlay subnet; confirm in the role's templates.
nebula_network_cidr: 24

# Certificate lifetimes, written as duration strings.
# NOTE(review): these are long-lived. A Nebula certificate stays usable until
# it expires unless its fingerprint is listed in pki.blocklist, so the client
# duration bounds how long a copied host key remains valid. Whether this role
# manages renewal or a blocklist is not visible in this file.
nebula_ca_cert_duration: "87600h0m0s"  # 10 years
nebula_client_cert_duration: "43800h0m0s"  # 5 years

nebula_clean_install: false
nebula_lighthouse_build_hosts_file: true
nebula_node_lighthouse_in_hosts_file: true
# NOTE(review): presumably lets nodes fall back to the lighthouse as a relay
# when no direct tunnel can be established; confirm against the role.
nebula_node_use_lighthouse_as_relay: true
nebula_install_check_cron: true

# Lighthouse identity and reachability.
nebula_lighthouse_hostname: "lighthouse"
# Address of the lighthouse inside the mesh network.
nebula_lighthouse_internal_ip_addr: "192.168.77.1"
# Public name and port that nodes use to reach the lighthouse. The hostname is
# an example value and is meant to be overridden per deployment. Nebula speaks
# UDP, so this is the only port the lighthouse needs reachable from outside.
nebula_lighthouse_public_hostname: "my-nebula-server.com"
nebula_lighthouse_public_port: 4242
nebula_lighthouse_is_relay: true
# NOTE(review): presumably merged into the rendered lighthouse config; keys set
# here are not covered by the defaults in this file, so review them separately.
nebula_lighthouse_extra_config: {}

# Lighthouse remote_allow_list
# Restricts which remote IP ranges this node will consider when handshaking
# with another node.
# Format: a map of CIDR -> boolean (true allows the range, false denies it).
#   - Only "allow" rules present: everything else is denied by default.
#   - Only "deny" rules present: everything else is allowed by default.
#   - Both kinds present: a rule for "0.0.0.0/0" MUST be set as the default.
# Example (constructed):
#   nebula_lighthouse_remote_allow_list:
#     "172.16.0.0/12": false
#     "0.0.0.0/0": true
# NOTE(review): the empty map below applies no filtering, assuming the role
# leaves the section out when it is empty; confirm in the template.
nebula_lighthouse_remote_allow_list: {}

# Lighthouse local_allow_list
# Filters which of this host's local IP addresses are advertised to the
# lighthouses. Narrowing it keeps addresses of unrelated interfaces from being
# announced to the mesh.
# Format: CIDR -> boolean, plus an optional "interfaces" map whose keys are
# regular expressions matched against interface names.
# Example (constructed):
#   nebula_lighthouse_local_allow_list:
#     interfaces:
#       "docker.*": false
#     "10.0.0.0/8": true
# NOTE(review): the empty map below applies no filtering, assuming the role
# leaves the section out when it is empty; confirm in the template.
nebula_lighthouse_local_allow_list: {}

# Prometheus metrics endpoint; disabled by default.
nebula_metrics_prometheus_enabled: false
# Bound to loopback by default.
# NOTE(review): no authentication or TLS setting for this endpoint appears in
# this file, so binding it to a non-loopback address exposes the metrics to
# anything that can reach that address; restrict access at the host firewall
# if the listener is moved off 127.0.0.1.
nebula_metrics_prometheus_listen: "127.0.0.1:4244"
nebula_metrics_prometheus_path: "/metrics"
nebula_metrics_prometheus_namespace: "nebula"
nebula_metrics_prometheus_interval: "10s"

# Nebula firewall defaults.
# Action taken on packets the firewall blocks.
# NOTE(review): presumably applied to both inbound and outbound traffic;
# confirm in the role's template.
nebula_firewall_block_action: "drop"

# NOTE(review): both lists default to a single allow-all rule (any port, any
# protocol, any host), so with these defaults the block action above never
# triggers and every mesh member can reach every service on the node.
# Override nebula_inbound_rules per host or group with the specific ports,
# protocols and hosts that are needed.
nebula_inbound_rules:
  - port: "any"
    proto: "any"
    host: "any"
nebula_outbound_rules:
  - port: "any"
    proto: "any"
    host: "any"